From 7213211c9637a3fb252d1fb1979cd7173f2c3898 Mon Sep 17 00:00:00 2001
From: Erik Larsson
Date: Mon, 9 Jan 2012 03:41:02 +0100
Subject: [PATCH] ntfswipe.c: Fixed writing incorrect $MFTMirr entries in wipe_mft.

The dereferencing of 'offset' and 'usa' from the MFT record wasn't an le16* dereference but a u8* dereference, leading to only the least significant byte (little-endian systems) or the most significant byte (big-endian systems) being part of the value. (So while this bug could go unnoticed on little-endian systems for volumes with small values of 'usa', it caused even more significant problems on big-endian systems.) Fixed by properly casting the address to le16* before dereferencing.
---
 ntfsprogs/ntfswipe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ntfsprogs/ntfswipe.c b/ntfsprogs/ntfswipe.c
index d3e8f1eb..9abb6c68 100644
--- a/ntfsprogs/ntfswipe.c
+++ b/ntfsprogs/ntfswipe.c
@@ -739,8 +739,8 @@ static s64 wipe_mft(ntfs_volume *vol, int byte, enum action act)
 // We have to reduce the update sequence number, or else...
 u16 offset;
 u16 usa;
- offset = le16_to_cpu(*(buffer + 0x04));
- usa = le16_to_cpu(*(buffer + offset));
+ offset = le16_to_cpu(*((le16*)(buffer + 0x04)));
+ usa = le16_to_cpu(*((le16*)(buffer + offset)));
 *((u16*) (buffer + offset)) = cpu_to_le16(usa - 1);
 result = ntfs_attr_mst_pwrite(vol->mftmirr_na, vol->mft_record_size * i,
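Review bot: `offset` comes from the record bytes and is used unchecked to index `buffer`, both for the new `usa` read and for the store on the following context line. Now that all 16 bits are read it can reach 0xFFFF, where the old single-byte read capped it at 255. Assuming `buffer` holds one MFT record of `vol->mft_record_size` bytes read from the volume (its allocation is outside the hunk), a damaged record could push both accesses out of bounds. An odd value would also make the `le16*` dereference misaligned on strict-alignment targets. I would guard both accesses with `if ((offset & 1) || offset + sizeof(le16) > vol->mft_record_size)` and take the function's existing error path for that record. Separately, the store still casts to `u16*` although it writes a `cpu_to_le16()` value, so `*((le16*)(buffer + offset)) = cpu_to_le16(usa - 1);` would match the two reads.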